Skip to content

fix: add event message resources to ModSecurityIIS.dll and resolve "Invalid function" errors (#3408) #3438

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 29, 2025
Merged

fix: add event message resources to ModSecurityIIS.dll and resolve "Invalid function" errors (#3408) #3438

merged 2 commits into from
Aug 29, 2025

Conversation

A13501350
Copy link

what

  • Added ModSecurityIISMessage.mc event message resource file
  • Updated Makefile.win to:
    • Compile ModSecurityIISMessage.mc to .res resource file
    • Link generated resource into existing ModSecurityIIS.dll
  • Modified installer.wxs to register event source pointing to ModSecurityIIS.dll

why

example results

After the fix, event logs now display properly formatted messages:

PS C:\Users\Hyper-V> get-eventLog -LogName Application -Source ModSecurity -Newest 8

   Index Time          EntryType   Source                 InstanceID Message
   ----- ----          ---------   ------                 ---------- -------
     561 Aug 28 23:10  Information ModSecurity                     1 ModSecurity: StatusEngine call failed. Query: G...
     560 Aug 28 23:10  Information ModSecurity                     1 ModSecurity: StatusEngine call: "2.9.12,IIS,1.7...
     559 Aug 28 23:10  Information ModSecurity                     1 ModSecurity: LIBXML compiled version="2.9.14"
     558 Aug 28 23:10  Information ModSecurity                     1 ModSecurity: YAJL compiled version="2.1.0"
     557 Aug 28 23:10  Information ModSecurity                     1 ModSecurity: LUA compiled version="Lua 5.4"
     556 Aug 28 23:10  Information ModSecurity                     1 ModSecurity: PCRE compiled version="8.45 "; loa...
     555 Aug 28 23:10  Information ModSecurity                     1 ModSecurity: APR compiled version="1.7.6"; load...
     554 Aug 28 23:10  Information ModSecurity                     1 ModSecurity for IIS (STABLE)/2.9.12 (http://www...

references

@A13501350
Add event message resource for IIS and update build/installation
0d99f07 
- Added ModSecurityIISMessage.mc message resource file for event source metadata
- Updated Makefile.win to compile .mc to .res resource file and link into ModSecurityIIS.dll
- Modified installer.wxs to register event source pointing to ModSecurityIIS.dll
airween
airween requested changes Aug 28, 2025
View reviewed changes
@airween
Copy link
Member

airween commented Aug 28, 2025

Hi @A13501350,

many thanks for this excellent PR - great description! I added only one note, see above.

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@airween
Copy link
Member

airween commented Aug 29, 2025

Thanks @A13501350!

@airween airween merged commit f3f00e3 into owasp-modsecurity:v2/master Aug 29, 2025
82 checks passed
@A13501350 A13501350 deleted the v2/master branch August 29, 2025 17:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@airween airween airween approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@A13501350 @airween